<?php include_once('database.php') ?>

<?php
include_once('session_start.php');
				
$name = trim($_POST["Name"]);
$media = $_POST["Media"];
$genre = $_POST["GenreName"];
$releasedate = $_POST["Year"].'-'.$_POST["Month"].'-'.$_POST["Day"];
$id = $_GET["id"];
if($_POST["net_picture"] != ""){
	$picture["name"] = $_POST["net_picture"];
	$explode = explode(".", $picture["name"]);
	$extension = end($explode);
	$picture["type"] = "image/".$extension;
	$picture["size"] = 0;
}else{
	$picture = $_FILES["local_picture"];
}
foreach($_POST as $k => $v){
    $_SESSION["Material"][$k]=$v;
}

if(($name&&$media&&$genre&&$_POST["Year"])!="" 
|| ($name&&$media&&$genre&&$_POST["Year"])!=NULL){			
	// Start of picture upload and checking if it's right file type and doesn't exceed max file size.
	failnetpicture:
	$allowedextensions = array("gif", "jpeg", "jpg", "png");
	$explode = explode(".", $picture["name"]);
	$extension = end($explode);
	if($picture["name"]=="" || $picture["name"]==NULL){
		// If no file was given.
		$stmt = $db ->prepare('UPDATE item 
							   SET Name=?, MediaId=?, ReleaseDate=?
							   WHERE MaterialId = ?;');
		$stmt ->bind_param('sisi',$name,$media,$releasedate,$id);
		$stmt ->execute();
				 
	}else{
		if($_POST["net_picture"] != ""
		|| $_POST["net_picture"] != NULL){
			if(in_array($extension, $allowedextensions)){
				$itemquery = $db ->prepare('UPDATE item
				 					        SET Name=?, MediaId=?, ReleaseDate=?
									        WHERE MaterialId = ?;');
				$itemquery ->bind_param('sisi',$name,$media,$releasedate,$id);
				$itemquery -> execute();
                
                $db -> query("DELETE FROM itemimage WHERE MaterialId=".$id);
                				
                $imgquery = $db->prepare("INSERT INTO itemimage(filename,MaterialId) 
                                          VALUES(?,?)");
                $imgquery -> bind_param('si',$picture["name"],$id);
                $imgquery -> execute();
                
				
			}else{
				$picture = $_FILES["local_picture"];
				if($picture["name"] == '' || $picture["name"] == NULL){
					$_SESSION["H7_Library_Message"]="Forkert eller for stor fil";
					header('Location:update_material.php?id='.$id);
					die;
				
				}
				$_POST["net_picture"] = "";
				goto failnetpicture;
			}
		}else{
			if ((($_FILES["local_picture"]["type"] == "image/gif")	
			|| ($_FILES["local_picture"]["type"] == "image/jpeg")
			|| ($_FILES["local_picture"]["type"] == "image/jpg")
			|| ($_FILES["local_picture"]["type"] == "image/png"))
			&& ($_FILES["local_picture"]["size"] < $_POST["MAX_FILE_SIZE"])
			&& in_array($extension, $allowedextensions)){
				if ($_FILES["local_picture"]["error"] > 0) {
					$_SESSION["H7_Library_Message"] .=htmlspecialchars($picture["error"]);
					header('Location:update_material.php?id='.$id);
					die;
				}else{

                    $stmt = $db ->prepare('UPDATE item 
                                           SET Name=?, MediaId=?, ReleaseDate=? 
                                           WHERE MaterialId = ?;');
                    $stmt ->bind_param('sisi',$name,$media,$releasedate,$id);
                    $stmt ->execute();					
                    
                    $db -> query("DELETE FROM itemimage WHERE MaterialId=".$id);
                                    
                    $query = $db -> prepare("INSERT INTO itemimage (filename, mime_type, file_size, file_data, MaterialId)
                                      VALUES (?, ?, ?, ?, ?)");
                    $query ->bind_param('ssisi',$picture['name'],$picture['type'],$picture['size'],file_get_contents($picture['tmp_name']),$id);
                    $query ->execute();     
					

						
				}
			}else{
				$_SESSION["H7_Library_Message"] .="Forkert eller for stor fil<br>";
				header('Location:update_material.php?id='.$id);
				die;
				
			}	
		}
	}
	// End of picture upload

	$db ->query("DELETE FROM itemgenre 
				WHERE MaterialId=".$id.";");
                
	foreach ($genre as $value){
		$db ->query("INSERT INTO itemgenre
					VALUES (".$id.",".$value.");");
	}
    unset($_SESSION["Material"]);
	header('Location:index.php');
}else{
	$_SESSION["H7_Library_Message"] .="Alle felter blev ikke fyldt ud";
	header('Location:update_material.php?id='.$id);
}

?>